
Interactive Visualization for Network and Port Scan Detection

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3858)

Abstract

Many times, network intrusion attempts begin with either a network scan, where a connection is attempted to every possible destination in a network, or a port scan, where a connection is attempted to each port on a given destination. Being able to detect such scans can help identify a more dangerous threat to a network. Several techniques exist to automatically detect scans, but these are mostly dependent on some threshold that an attacker could possibly avoid crossing. This paper presents a means to use visualization to detect scans interactively.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Muelder, C., Ma, KL., Bartoletti, T. (2006). Interactive Visualization for Network and Port Scan Detection. In: Valdes, A., Zamboni, D. (eds) Recent Advances in Intrusion Detection. RAID 2005. Lecture Notes in Computer Science, vol 3858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11663812_14


  • DOI: https://doi.org/10.1007/11663812_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-31778-4

  • Online ISBN: 978-3-540-31779-1

  • eBook Packages: Computer Science, Computer Science (R0)
